Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2853 | 1 Abarcar | 1 Abarcar Realty Portal | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2006-2854 | 1 Ibwd | 1 Ibwd Guestbook | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2006-2855 | 1 Xuebook | 1 Xuebook | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2006-2856 | 1 Activestate | 1 Activeperl | 2017-07-20 | 4.6 MEDIUM | N/A |
| ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2861 | 1 Particle Soft | 1 Particle Wiki | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2006-2869 | 1 Alwil | 1 Avast Antivirus | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. | |||||
| CVE-2006-2870 | 1 Intelligent Solutions | 1 Asp Discussion Forum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable. | |||||
| CVE-2006-2873 | 1 Enigma Haber | 1 Enigma Haber | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4.2 allows remote attackers to inject arbitrary web script or HTML via the il parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2874 | 1 Osads Alliance Database | 1 Osads Alliance Database | 2017-07-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments. | |||||
| CVE-2006-2879 | 1 Alex | 1 News-engine | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2006-2880 | 1 Pyblosxom | 1 Pyblosxom | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields. | |||||
| CVE-2006-2885 | 1 Knowledgetree | 1 Knowledgetree | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php. | |||||
| CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2017-07-20 | 4.3 MEDIUM | N/A |
| view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS. | |||||
| CVE-2006-2895 | 1 Mediawiki | 1 Mediawiki | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form. | |||||
| CVE-2006-2897 | 1 Funkboard | 1 Funkboard | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. | |||||
| CVE-2006-2910 | 1 Cowon America | 1 Jetaudio | 2017-07-20 | 5.1 MEDIUM | N/A |
| Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed. | |||||
| CVE-2006-2913 | 1 Out Of The Trees Web Design | 1 Selectapix | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php. | |||||
| CVE-2006-2921 | 1 Cmpro Team | 1 Clan Manager Pro | 2017-07-20 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters. | |||||
| CVE-2006-2924 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-20 | 5.0 MEDIUM | N/A |
| Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake. | |||||
| CVE-2006-2925 | 1 Ingate | 2 Ingate Firewall, Siparator | 2017-07-20 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality. | |||||
| CVE-2006-2926 | 1 Qbik | 1 Wingate | 2017-07-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request. | |||||
| CVE-2006-2927 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2930 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied. | |||||
| CVE-2006-2942 | 1 Twiki | 1 Twiki | 2017-07-20 | 5.1 MEDIUM | N/A |
| TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup. | |||||
| CVE-2006-2943 | 1 Cgi-rescue | 1 Webform | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | |||||
| CVE-2006-2944 | 1 Cgi-rescue | 1 Form2mail | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | |||||
| CVE-2006-2945 | 1 Andreas Gohr | 1 Dokuwiki | 2017-07-20 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors. | |||||
| CVE-2006-2947 | 1 Dmx Forum | 1 Dmx Forum | 2017-07-20 | 5.0 MEDIUM | N/A |
| Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter. | |||||
| CVE-2006-2953 | 1 Primoris Software | 1 Officeflow | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter. | |||||
| CVE-2006-2954 | 1 Primoris Software | 1 Officeflow | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter. | |||||
| CVE-2006-2955 | 1 Kaphotoservice | 1 Kaphotoservice | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp. | |||||
| CVE-2006-2958 | 1 Filzip | 1 Filzip | 2017-07-20 | 2.6 LOW | N/A |
| Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2961 | 1 Aclogic | 1 Cesarftp | 2017-07-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2974 | 1 Emailarchitect | 1 Email Server | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp. | |||||
| CVE-2006-2976 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. | |||||
| CVE-2006-2980 | 1 Viart Ltd | 1 Viart Shop Free | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter. | |||||
| CVE-2006-2987 | 1 Dominios Europa | 1 Picrate | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) city, (7) messen, and (8) message form field parameters to (b) add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2989 | 1 Iisworks | 1 Listpics | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter. | |||||
| CVE-2006-2990 | 1 Vanillasoft | 1 Vanillasoft Helpdesk | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2006-2992 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter. | |||||
| CVE-2006-2993 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp. | |||||
| CVE-2006-2999 | 1 Okscripts | 1 Quicklinks | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts QuickLinks 1.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-3000 | 1 Okscripts | 1 Okarticles | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkArticles 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-3001 | 1 Okscripts | 1 Okmall | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message. | |||||
| CVE-2006-3002 | 1 Easy Ad-manager | 1 Easy Ad-manager | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that this issue has been fixed. | |||||
| CVE-2006-3003 | 1 Easy Ad-manager | 1 Easy Ad-manager | 2017-07-20 | 4.3 MEDIUM | N/A |
| details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces cross-site scripting (XSS). NOTE: on 20060829, the vendor notified CVE that this issue has been fixed. | |||||
| CVE-2006-3004 | 1 Scriptsez | 1 Ez Ringtone Manager | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search. | |||||
| CVE-2006-3005 | 1 Gentoo | 2 Linux, Media-libs Jpeg | 2017-07-20 | 5.0 MEDIUM | N/A |
| The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. | |||||
| CVE-2006-3007 | 1 Nullsoft | 1 Shoutcast Server | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. | |||||
| CVE-2006-3009 | 1 Aliacom | 1 Open Business Management | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files such as (a) publication/publication_index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php. | |||||